Spam blocking by keywords in header

Hi all,

Can anyone foresee legitimate mail being dropped by adding a rule searching incoming header info for "0.0.0.0" or "UnknownHost" and then either dropping or filtering the message based on that content rule?

Getting inundated with stuff like this:

Return-Path: <BlancheXX@7363.com>
Received: from [0.0.0.0] (UnknownHost [82.194.10.53]) by mail.hosting.specialops.com with SMTP;
   Tue, 15 May 2018 05:53:58 -0400

It's getting by all my tests and filters for some inexplicable reason. It really shouldn't. Why would SM even accept a message from 0.0.0.0 in the first place? I don't think the null sender rule would help here.

Ideas?

kevind Replied

5/15/2018 at 8:25 AM

Not sure about the content rule, but here are some ideas...

I'm guessing you have block for no reverse DNS? What about upgrading to the latest version? Saw this in latest release notes for v15, but not sure what it means:

Fixed: rDNS and SPF both fail if there's no sending IP. (E.g., when a message comes from a gateway.)

Or, it might be related to this bug from 2016:

https://portal.smartertools.com/community/a87411/bug-messages-with-no-ptr-reverse-dns-are-accepted.aspx

Matthew Titley Replied

5/15/2018 at 9:21 AM

Thanks. Yeah, I have RDNS blocking. I'm on v15.7.6572. Not the latest v15 build. I should upgrade to 6698. I'm tempted to implement a custom rule for UnknownHost. Maybe I'll start with an intermediate spam rating rather than a drop.

Hemen Shah Replied

5/16/2018 at 7:01 AM

Am too in same boat and had raised this to SM and expecting fix in future release till then.

3 Replies

Reply to Thread

Related Knowledge Base Articles

3 Replies

Reply to Thread

Tags

Related Knowledge Base Articles